*MACE Conference Call*
July 28, 2003

*Attendees*

Bob Morgan (chair) - Washington
Paul Hill - MIT
Michael Gettes - Duke
Steven Carmody - Brown
Jim Jokl - Virginia
Renee Frost - Michigan/Internet2
Mark Poepping - CMU
Keith Hazelton - Wisconsin
Scott Cantor - OSU
Neal McBurnett - Internet2
Diego Lopez - RedIRIS
Ken Klingenstein - Colorado/Internet2
Ben Chinowsky (scribe) - Internet2

*Discussion*

Bob opened the call with a discussion of the possible expansion of MACE membership. As the number of MACE activities continues to grow, so does the number of people expressing interest in joining MACE discussions. There is a need to balance collegiality with inclusiveness here; Bob suggested that MACE restrict membership to "program people" -- people committed to participating in the work of MACE as a whole -- as opposed to organizers of particular activities. [AI] Bob will send the MACE list a summary of the rules on who can join MACE. [AI] All will send Bob their nominations for new MACE members.

Bob was at IETF in Vienna earlier this month. He observed that the operational needs of protocols for use in multi-hop settings (e.g. SIP, SIMPLE, Jabber, DIAMETER) have led most IETFers to see the need for signed-object end-to-end security, which in the IETF context means S/MIME backed by X.509. There is a sudden burst of interest in this area, and there are a lot of people who seem to expect it to "just work". Bob also learned that Microsoft is looking at publishing documentation of how they handle cert management in an instant-messaging context; Bob suggested that MACE pressure Microsoft to go forward with this, as such documentation would be helpful in planning MACE's own work in this area.

Keith gave a short report from the post-Catalyst Liberty/SAML BoF. About 20 people attended; Keith gave a presentation on federated identity management, SAML, and Shibboleth. Representatives from Boeing and Procter & Gamble presented work on federations within these companies; Keith noted that these federations were "among a close circle of friends," tending to confirm Keith's suspicion that FOO and InCommon are in the lead in thinking about how to get broader federations to work. Elliot Solomon expressed dismay that painful lessons from the past -- in particular the idea that identity should be the last thing revealed, not the first -- seem to have been forgotten in much recent federations work. Dan Bloom is sending Keith his take on Shibboleth; [AI] Keith will circulate Dan Bloom's note to key Shibboleth people, with a view to reaching consensus on a response.

Ken noted that there's growing interest at CSIS (http://csis.org/tech/authentication/) in a nationwide version of eduPerson; building such an object class would be one way to get people thinking about how to define their attributes, something which is necessary for attribute-based authorization systems like Shibboleth. Nevertheless, opinion in MACE runs strongly against this idea: a "USeduPerson" would be a distraction from more narrowly targeted, Shibboleth-centered attribute work; would encourage people to think in terms of identity-based rather than attribute-based authorization; and would be a big step toward a national identity card.

The Fall Internet2 Member Meeting is October 13-16. [AI] All who want to add sessions to the schedule for the Fall Internet2 Member Meeting will let Renee know ASAP. [AI] Renee will add a placeholder for a Jabber WG meeting at the Fall Internet2 Member Meeting.

MACE's projected Jabber WG is coming together; a chair, a scribe, and a flywheel have been chosen and a draft charter has been written. Bob noted that he spoke to Peter St. Andre at IETF; he's been involved with Jabber from the beginning and is interested in helping with the Jabber WG. It was also apparent at IETF that several competing technologies are being put forward for infrastructure-enabled instant messaging (e.g., XMPP, SIMPLE), so it was agreed that [AI] over the next few days, Bob and Michael will rewrite the Jabber WG charter to make Jabber the initial, but not necessarily the only, instant messaging technology to be taken up by the group. [AI] All will send the MACE list suggestions for a new name for the not-necessarily-just-Jabber working group. The focus of the group will be on bringing together representatives of planned or ongoing enterprise deployments. It was agreed that broadening the group beyond Jabber will require taking extra care that the group not factionalize along lines of loyalty to one or another technology.

Keith has been looking into possibilities for collaboration between Internet2 and the IMS Global Learning Consortium (http://www.imsglobal.org), whose tagline is "Open Specifications for Interoperable Learning Technology". Keith envisions a mutually beneficial relationship similar to that between the Shibboleth and SAML working groups: Internet2 would provide use cases for IMS to take into account in developing its standards. [AI] Ken, Scott, Keith, and Dirk Herr-Hoyman will confer on how the projected Internet2/IMS collaboration should relate to the work of other groups, such as PESC, who are working on the same problems as IMS. Keith will figure out what time on Tuesday, July 29, works for everybody, and Ken will set up the call.

Scott noted that there's now a P-12 (for Pre-K through 12th grade) working group in OASIS. Bob met with a group that provides IT support for all of K-12 in Washington State; they are coming to terms with the impending need to assign IDs to all students. Steven noted that the No Child Left Behind Act requires tracking children across school districts, something that's likely to develop into a national ID.

Finally, Keith noted that "people keep adding stuff to eduPerson, and we need to figure out what to do about this." [AI] Keith will start a discussion on the MACE list of issues involved in documenting community practices for local person schema, and Bob will add this to the agenda for the next MACE call.

*Action Items*

[AI] Bob will send the MACE list a summary of the rules on who can join MACE.
[AI] All will send Bob their nominations for new MACE members.
[AI] Keith will circulate Dan Bloom's thoughts on Shibboleth to key Shibboleth people, with a view to reaching consensus on a response.
[AI] All who want to add sessions to the schedule for the Fall Internet2 Member Meeting will let Renee know ASAP.
[AI] Renee will add a placeholder for a Jabber WG meeting at the Fall Internet2 Member Meeting.
[AI] Over the next few days, Bob and Michael will rewrite the Jabber WG charter to make Jabber the initial, but not necessarily the only, instant-messaging technology to be taken up by the group.
[AI] All will send the MACE list suggestions for a new name for the not-necessarily-just-Jabber WG.
[AI] Ken, Scott, Keith, and Dirk Herr-Hoyman will confer on how the projected Internet2/IMS collaboration should relate to the work of other groups, such as PESC, that are working on the same problems as IMS. Keith will figure out what time on Tuesday, July 29, works for everybody, and Ken will set up the call.
[AI] Keith will start a MACE list discussion of issues involved in documenting community practices for local person schema, and Bob will add this to the agenda for the next MACE call.